Cyber security for smart cities: End-to-end cyber security strategy for IoT connected services

Abstract

A smart city is an urban agglomeration which capitalises on information technologies (IT) and artificial intelligence (AI) facilities to offer special services to its community and visitors. These range from more complex services such as energy production, road traffic management, civil security and territorial administration, to simpler services such as household waste management or free Internet in parks, libraries, shopping centres and other public places. To achieve this integration of management, an important step is to install sensors that are essential for collecting data. The collection of information to manage sensitive infrastructure via IT services comes with security risks, however. The impact of cyber security breach risks linked to these data collection activities and storage can be dramatic, depending on the type of service: power plants, water management systems, automated or driverless trains, vehicle traffic management systems, etc. These types of service, due to IT and AI evolution, are increasingly the victim of attacks by cyber criminals, especially the industrial control system (ICS)/supervisory control and data acquisition (SCADA) and smart grid networks. These networks are nowadays prime targets for professional hackers, cybercriminal organisations, or even competitors who want access to inside privileged information. To support interest in this type of attack for these networks, we can cite malicious programs such as Stuxnet, Dragonfly and BlackEnergy3, which damaged the Ukraine SCADA network with major consequences for energy production and distribution. Ukrainian energy private companies were victims of the attack, which resulted in total blackouts in at least eight regions of the country. Stuxnet has also been used to destroy a large part of the centrifuges fleet used by Iran for its uranium enrichment programme, etc. The rise of electric vehicle (EV) smart cities is based on smart grid infrastructure and IT — a combination that can lead to increased cyber security risks to the electricity network as well as for fast-charging stations. The purpose of this paper is to identify the most sensitive systems in smart cities, describe potential risks associated with these systems, and propose mitigation mechanisms to reduce associated cyber security risks.